What is Privileged Identity Management?
In its Wave report, Forrester uses the term PIM. In its Magic Quadrant report, Gartner uses the term PAM.
For the most part, these terms are used interchangeably. But there is a subtle difference.
PIM focuses on managing identities
PIM determines a specific distribution of rights for each privileged user identity across multiple systems in your organization, ensuring that each identity can only access data and perform certain actions within set boundaries. PIM governs privileged identities throughout their lifecycle, from creating or provisioning new identities to revoking or de-provisioning them. PIM also determines how identities should be organized in groups so that they can be managed consistently according to your security policies.
PAM focuses on managing access
PAM allows organizations to determine exactly what level of access a privileged user or system may have to resources (devices, applications, environments, network files, etc.) for a set time period. PAM solutions provide just-in-time access and allow elevated or emergency access in specific situations. They also allow organizations to control and audit that access through functionality like credential creation and storage, password rotation, and session monitoring.
PIM and PAM are a subset of IAM
Identity and Access Management (IAM) applies to all users in an organization who have a digital identity that needs to be managed, not just IT admins or superusers. Regardless of the user type, IAM systems follow the idea that each user must have their own digital identity that includes a username, password, and online activities.
During provisioning and de-provisioning processes, IAM checks each identity to confirm that it has the appropriate access. IAM solutions connect to Active Directory or other systems like Okta that centralize identity management. IAM systems also give organizations the ability to modify a user, create usage reports, and enforce policies.